This is Interesting: Free Magazines for Graphics designers and webmasters
Home > Archive > Microsoft XML > June 2004 > XPath
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Jan Plastenjak 2004-03-30, 10:15 pm |
| Hi,
How to set XPath string to sign only node(and sub nodes) of /a/b/c in
document
<a>
<b>
<c>123</c> <!-- this node i would like to sign -->
</b>
<c>caca</c>
<d>qwer</d>
<f>
<a>
<b>
<c>fffff</c>
</b>
</a>
</f>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="issuer">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<ds:XPath>????????</ds:XPath>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>...</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue> ...</ds:SignatureValue>
</ds:Signature>
</a>
If i use "<ds:XPath>/a/b/c</ds:XPath>", I sign whole document. How to sign
only /a/b/c node?
Thanks
| |
|
| Hi,
Probably you solved this one ages ago, but as it was not put here...
The answer I found is "<XPath>self::c and ../parent::a and parent::b and not(../../../..)</XPath>". It is not the prettiest possible; therefore if someone has nicer one...
Funny thing is that I cannot verify this signature with .NET, but no problem to verify it here http://www.aleksey.com/xmlsec/xmldsig-verifier.html.
Can someone check if next version of .NET framework will be able to verify it, please?
Many thanks,
Pak76
Example:
<a><b><c>123</c></b><c>caca</c><d>qwer</d><f><a><b><c>fffff</c></b></a></f><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://w
ww.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath>self::c and ../parent::a and parent::b and not(../../../..)</XPath></Transform><Transform Algorithm="http://www.
w3.org/2000/09/xmldsig#enveloped-signature" /><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>lu/3RYy0kycuon1CBozeDbT5ATw=</DigestValue></Referen
ce></SignedInfo><SignatureValue>WFk0jisaN8L2hoC7IH+nf16eu5zmNVgYMmT64txJePvKcSgzQU2saXMCA5HgSOJpJ71tP84mBJUY4qx735FhYsd684slPujGrW+P1cN4A9UYJpCaFlk+OaBm0sZYieMNs6Bwh8UhwdUMSVQWIOO3XMM1nU6NNQT9UtrplCVZGfFwuKxEy9g2+KJodbIOwkl2SWtrnqgCG9LkzyEmfV/N05wE/mhcayA
ft5GoVWUEz0aS75PAJjzoV7VbglBpCGMfedkiz3hhy1RRN2M0l5CdWH6QlDIHM4D2rbrl0m1naPAiUv2B1u8Yf9M8+Aag8oEmOFQJ+wmdgWNv8aQSPIhq+Q==</SignatureValue><KeyInfo><KeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"><RSAKeyValue><Modulus>u3J5BvBgKp0L2mIqhak/jlKl2WsKP76Q8
08XF4JujG9o5XeXCDBb9EnRuvaE/4GSMWJBkYfYWRJqP4w05dqkI4wlScTobLrbw9nYCxc4++n26oI1gnleDnrgfhynqpB7Bml2NzF9R8NymMafMOW3B2xaeYWDWyPWQpVJItJHkvDDGN6IqdbNSGXKXXg5sogGQmbArXI1WHi0Eh2osx8Gq152DRdYQkIwwDV5Ij4Ox+BXqbp4ir2IsvmKzqXIp5dUSYlfZ4E2LMEwZgAtJQY4GqdcyBY8BThd
s61mCL3xM2Kqgqxop0brJSNctO6dRBoQ32NTwnSWDZY25naL7TEBUw==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyInfo></Signature></a>
"Jan Plastenjak" wrote:
> Hi,
>
> How to set XPath string to sign only node(and sub nodes) of /a/b/c in
> document
>
> <a>
>
> <b>
>
> <c>123</c> <!-- this node i would like to sign -->
>
> </b>
>
> <c>caca</c>
>
> <d>qwer</d>
>
> <f>
>
> <a>
>
> <b>
>
> <c>fffff</c>
>
> </b>
>
> </a>
>
> </f>
>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="issuer">
>
> <ds:SignedInfo>
>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>
> <ds:Reference URI="">
>
> <ds:Transforms>
>
> <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
>
> <ds:XPath>????????</ds:XPath>
>
> </ds:Transform>
>
> </ds:Transforms>
>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>
> <ds:DigestValue>...</ds:DigestValue>
>
> </ds:Reference>
>
> </ds:SignedInfo>
>
> <ds:SignatureValue> ...</ds:SignatureValue>
>
> </ds:Signature>
>
> </a>
>
>
>
> If i use "<ds:XPath>/a/b/c</ds:XPath>", I sign whole document. How to sign
> only /a/b/c node?
>
> Thanks
>
>
>
|
|
|
| | Copyright 2003 - 2008 forum4designers.com Software forum Computer Hardware reviews |
|